2 Answers
2

IMO, if you have to ask, then you need to find a webmaster/web developer with some security expertise to handle the situation.

There are millions of ways a site could be compromised and infected with malware. There isn't a magical program you can just run on your server to remove the malware infection. So without knowing how the system was built, how it was compromised, and what kind of malware it is, there's no way for us to tell you how to remove it.

If you don't want to hire a security-conscious webmaster, then your best bet is to delete the site, restore from a backup, change your passwords, and update all of your software.

But if you don't know how or when the site was compromised, and if the exploit used was in your custom-written code, in your configurations, or still exists in the latest version of your software, then you'll just be compromised again.